Quiz 1E — Enforcement Agencies and Mechanisms | LawZeee — Know Your Cyber Laws Before You Break It

Question 1

A company that suffered a ransomware attack wants to report it to federal authorities. Which agency and portal should they use to submit an initial internet crime complaint?

AFTC — reportfraud.ftc.govBCISA — cisa.gov/reportCFBI — IC3.gov (Internet Crime Complaint Center)DDOJ CCIPS — directly via email

Question 2

What is the primary role of DOJ's Computer Crime and Intellectual Property Section (CCIPS)?

AInvestigating cybercrime in the field (conducting interviews, executing search warrants)BProsecuting cybercrime cases, providing policy and legal guidance, and training prosecutors nationwideCAdministering CIRCIA breach reporting obligationsDIssuing OFAC sanctions designations against ransomware groups

Question 3

A company's CISO wants to report a ransomware attack to a federal agency to get defensive support and threat intelligence sharing WITHOUT necessarily triggering a criminal investigation. Which agency is most directly positioned for this role?

AFBI Cyber DivisionBDOJ National Security DivisionCCISA (Cybersecurity and Infrastructure Security Agency)DFinCEN

Question 4

Before approving a ransomware payment, legal counsel must conduct screening against which government list to avoid civil liability for sanctions violations?

AFBI's Most Wanted listBOFAC's Specially Designated Nationals (SDN) listCCISA's Known Exploited Vulnerabilities catalogDFinCEN's High-Risk Customer list

Question 5

Which of the following best describes the FinCEN reporting obligation triggered by a ransomware payment?

AAll ransomware payments must be reported to FinCEN by the victim within 24 hoursBFinancial institutions involved in ransomware-related transactions (banks, cryptocurrency exchanges) have BSA Suspicious Activity Report (SAR) filing obligationsCFinCEN prohibits all ransomware payments above $10,000DOnly insurance companies paying ransomware claims must report to FinCEN

Question 6

A federal prosecutor needs subscriber information and server logs from an internet company in Germany for a U.S. cybercrime case. What is the formal evidence-sharing mechanism — and what is its primary limitation?

AThe FBI can directly demand the records under U.S. law; no limitationBA Mutual Legal Assistance Treaty (MLAT) request through DOJ's Office of International Affairs — primary limitation is latency (months to over a year)CCISA can request the records under CIRCIA; limitation is that CIRCIA only covers U.S. critical infrastructureDThe Second Additional Protocol to the Budapest Convention requires Germany to produce the records within 24 hours

Question 7

Federal cybercrime sentences often combine multiple charges. Which charge adds a MANDATORY 2-year consecutive prison term that cannot be suspended or run concurrently?

AWire fraud (18 U.S.C. § 1343)BRICO (18 U.S.C. § 1963)CAggravated identity theft (18 U.S.C. § 1028A)DComputer fraud (CFAA § 1030)

Question 8

The government seized a portion of the Colonial Pipeline ransom payment. What legal mechanism enables law enforcement to seize cryptocurrency connected to cybercrime?

AMLAT with Russia (where the attackers were located)BCriminal forfeiture proceedings — courts can issue seizure warrants for cryptocurrency wallets once identified through blockchain tracingCCFAA civil action seeking restitution from the hackerDFinCEN freeze order on suspicious cryptocurrency accounts

Question 9

The NSA's Vulnerabilities Equities Process (VEP) governs what decision?

AWhether to publicly name nation-state hacking groups in DOJ indictmentsBWhether to disclose a discovered vulnerability to the vendor or retain it for offensive/intelligence useCWhether to extradite foreign hackers to the United StatesDWhether a vulnerability disclosure by a researcher qualifies for bug bounty payment

Question 10

A company that notified consumers of a breach two months after discovery (without any law enforcement delay request) is facing California AG investigation. A consumer class action was also filed the same week as public notification. What is the most accurate description of the company's legal exposure?

AOnly the criminal investigation matters — civil class actions cannot proceed until the criminal case is resolvedBThe company faces both regulatory enforcement (CA AG for breach notification violation) and civil class action exposure (§ 1798.150 for unreasonable security) simultaneously — these run on independent tracksCThe company is protected from civil suit because it notified within 60 days, which satisfies the reasonable diligence standardDThe CA AG investigation suspends the class action until regulatory proceedings are complete